Class: Net::IMAP::SASL::OAuthBearerAuthenticator

Inherits:
OAuthAuthenticator
Defined in:
lib/net/imap/sasl/oauthbearer_authenticator.rb

Overview

Authenticator for the “OAUTHBEARER” SASL mechanism, specified in RFC7628. Authenticates using OAuth 2.0 bearer tokens, as described in RFC6750. Use via Net::IMAP#authenticate.

RFC6750 requires Transport Layer Security (TLS) to secure the protocol interaction between the client and the resource server. TLS MUST be used for OAUTHBEARER to protect the bearer token.

Constant Summary

Constants included from GS2Header

GS2Header::NO_NULL_CHARS, GS2Header::RFC5801_SASLNAME

Instance Attribute Summary

Attributes inherited from OAuthAuthenticator

#authzid, #host, #last_server_response, #mthd, #path, #port, #post, #qs

Instance Method Summary

Methods inherited from OAuthAuthenticator

#done?, #initial_client_response, #process

Methods included from GS2Header

#gs2_authzid, #gs2_cb_flag, #gs2_header, gs2_saslname_encode

Constructor Details

#initialize(arg1 = nil, arg2 = nil, oauth2_token: nil, secret: nil, **args, &blk) ⇒ OAuthBearerAuthenticator


new(oauth2_token,          **options) -> authenticator
new(authzid, oauth2_token, **options) -> authenticator
new(oauth2_token:,         **options) -> authenticator

Creates an Authenticator for the “OAUTHBEARER” SASL mechanism.

Called by Net::IMAP#authenticate and similar methods on other clients.

Parameters

  • #oauth2_token — An OAuth2 bearer token

All other keyword parameters are passed to super (see OAuthAuthenticator). The most common ones are:

  • optional #authzid ― Authorization identity to act as or on behalf of.

    optional #username — An alias for #authzid.

    Note that, unlike some other authenticators, username sets the authorization identity and not the authentication identity. The authentication identity is established for the client by #oauth2_token.

  • optional #host — Hostname to which the client connected.

  • optional #port — Service port to which the client connected.

Only oauth2_token is required by this mechanism, but application protocols and specific server implementations are allowed to require #authzid (or other parameters, such as #host or #port).



# File 'lib/net/imap/sasl/oauthbearer_authenticator.rb', line 177

def initialize(arg1 = nil, arg2 = nil,
               oauth2_token: nil, secret: nil,
               **args, &blk)
  username, oauth2_token_arg = arg2.nil? ? [nil, arg1] : [arg1, arg2]
  super(username: username, **args, &blk)
  @oauth2_token = oauth2_token || secret || oauth2_token_arg or
    raise ArgumentError, "missing oauth2_token"
end

Instance Attribute Details

#oauth2_token ⇒ Object (readonly) Also known as: secret

An OAuth 2.0 bearer token. See RFC6750.



# File 'lib/net/imap/sasl/oauthbearer_authenticator.rb', line 141

def oauth2_token
  @oauth2_token
end

Instance Method Details

#authorization ⇒ Object

Value of the HTTP Authorization header



# File 'lib/net/imap/sasl/oauthbearer_authenticator.rb', line 193

def authorization; "Bearer #{oauth2_token}" end

#initial_response? ⇒ Boolean

initial_response? -> true

OAUTHBEARER sends an initial client response.

Returns:

  • (Boolean)


# File 'lib/net/imap/sasl/oauthbearer_authenticator.rb', line 190

def initial_response?; true end
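
The initial client response that OAUTHBEARER sends, as an added stand-alone sketch of the RFC 7628 wire layout (this is not net-imap's source). It goes beyond the page by adding a TLS guard, a check that the token cannot inject extra key/value pairs, and redaction for logs; `tls_active`, `InsecureTransportError`, `redact_for_log` and the sample token and hostnames are assumptions made for illustration.

```ruby
# Added example, not net-imap source: stand-alone sketch of the RFC 7628 message.
KVSEP = "\x01" # RFC 7628 key/value separator (Ctrl-A)
B64TOKEN = %r{\A[A-Za-z0-9\-._~+/]+=*\z} # RFC 6750 b64token syntax

class InsecureTransportError < StandardError; end # hypothetical error class

# RFC 5801 saslname encoding: "=" and "," are escaped inside the GS2 header.
# Ctrl-A is rejected too, so the authzid cannot start a new key/value pair.
def saslname_encode(name)
  raise ArgumentError, "control character in authzid" if name.match?(/[\0\x01]/)
  name.gsub(/[=,]/) { |c| c == "=" ? "=3D" : "=2C" }
end

# tls_active is an assumed flag the caller sets after verifying the TLS session.
def oauthbearer_initial_response(token, tls_active:, authzid: nil, host: nil, port: nil)
  unless tls_active
    raise InsecureTransportError, "refusing to send bearer token without TLS"
  end
  # Reject anything outside b64token so a crafted "token" cannot smuggle
  # a Ctrl-A and append extra key/value pairs.
  raise ArgumentError, "token is not a valid b64token" unless B64TOKEN.match?(token)
  kvs = { host: host, port: port, auth: "Bearer #{token}" }.compact
  kvs.each_value do |v|
    raise ArgumentError, "Ctrl-A in value" if v.to_s.include?(KVSEP)
  end
  a = authzid ? "a=#{saslname_encode(authzid)}" : ""
  header = "n,#{a}," # "n" = no channel binding
  # Layout: gs2-header ^A key=value ^A ... ^A auth=Bearer <token> ^A ^A
  [header, *kvs.map { |k, v| "#{k}=#{v}" }, KVSEP].join(KVSEP)
end

# Replace the token before the message reaches a debug log or trace.
def redact_for_log(response)
  response.gsub(/(auth=Bearer )[^\x01]+/, '\1[REDACTED]')
end

if __FILE__ == $PROGRAM_NAME
  msg = oauthbearer_initial_response("constructed.token-123", # constructed sample
                                     tls_active: true, authzid: "user@example.com",
                                     host: "imap.example.com", port: 993)
  puts redact_for_log(msg).inspect
end
```

On the wire the client base64-encodes this whole message, so a captured IMAP trace still contains a recoverable token unless it is redacted before encoding or logging.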